From b46388bf76acb60f6c51fd8c85810653d7d8331b Mon Sep 17 00:00:00 2001
From: Benoit Ducarouge <80013210+Ducarouge@users.noreply.github.com>
Date: Wed, 14 Feb 2024 17:34:37 +0100
Subject: [PATCH] fix retrieval of groups from identity (#82)

---
 src/access_control.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/access_control.py b/src/access_control.py
index acb5272..ecd6a36 100644
--- a/src/access_control.py
+++ b/src/access_control.py
@@ -25,24 +25,24 @@ def is_admin(self, identity):
         # Extract user infos from identity
         if isinstance(identity, dict):
             username = identity.get('username')
-            group = identity.get('group')
+            groups = identity.get('groups', [])
         else:
             username = identity
-            group = None
+            groups = []
         session = self.config_models.session()
-        admin_role = self.admin_role_query(username, group, session)
+        admin_role = self.admin_role_query(username, groups, session)
         session.close()
 
         return admin_role
 
-    def admin_role_query(self, username, group, session):
+    def admin_role_query(self, username, groups, session):
         """Create base query for all permissions of a user and group.
 
         Combine permissions from roles of user and user groups, group roles and
         public role.
 
         :param str username: User name
-        :param str group: Group name
+        :param list(str) groups: List of groups name
         :param Session session: DB session
         """
         Role = self.config_models.model('roles')
@@ -63,7 +63,7 @@ def admin_role_query(self, username, group, session):
 
         # query permissions from group roles
         group_roles_query = query.join(Role.groups_collection) \
-            .filter(Group.name == group)
+            .filter(Group.name.in_(groups))
 
         # combine queries
         query = groups_roles_query.union(user_roles_query) \